NetPad eq MALWARE, was: LevCGI.coms NetPad 1.0.2 multiple vulnerabilities

From: superpetzat_private
Date: Tue May 14 2002 - 10:02:14 PDT


    [SUPERPETZ MALWARE NETPAD & NETMASTER ALERT !]
    
               .++.
              |()()|
              | /\ |
              <<><>>
              //||\\
             ////\\\\
            /////\\\\\ 
            \\\\\/////
            /////\\\\\
            \\\\\/////
             \\\\////
              ''''''
    
    (collect them all!!)
    
    About Netpad:
    -=---------=-
    
    <selective juicy bits from levcgi.com netpad.cgi readme>
    
    " Yes, the rumors are true; you can use NetPad to hack others' web sites or plain out destroy them. As is the case with all of the NetMaster programs, so is this a hazardous tool and can be used for malicious fun at your own risk! Please, keep in mind that the following information should be considered for educational purposes only and using this program in any illegal manner is at your OWN discretion. I cannot and will not be held responsible for the foul use of this or any of my programs!
    
    Now, let's get started with some basics on how web servers and hosting companies work. When you pay for hosting your site is on a server with often up to hundreds of other sites! Every user has their own main directory which is located at a specific system path. Sometimes it will look like "/home/sites/site24/web/" while other times maybe "/www/htdocs/www.domain.com/web/" or something along those lines. Nearly all CGI programs use those paths to dynamically create files on the fly as well as reference other needed bits of data. With that knowledge alone you are quite capable of dealing some pretty nasty damage!
    
    Remember that when you are setting up NetPad you are required to enter the full path to your main directory. This is so you can open and edit the files successfully! But, now what if you were to enter in ANOTHER path instead of yours? Well quite simply, you could open up other files on the server, and yes you can even "edit" their files as well! Keep in mind this will vary greatly from server to server, but I have learned that many servers leave this in plain sight to deal the damage with ease. Let's assume that your path is "/home/sites/site24/web/". Obviously by looking at that we can come to the conclusion most probably at least 23 other sites are being hosted on your server. So if you try entering "/home/sites/site23/web/" you will actually be opening up files for SOMEONE ELSE'S site! This is a great way to steal source code, when it normally would be forbidden.
    
    But wait! It gets even worse! Many servers out there allow you to amend/edit files WITHOUT even giving them proper permissions! Normally a file must be set to CHMOD 777 if the server is to write to it on the fly, yet some servers out there do NOT do this and a file simply set at the standard 644 can be written to! This can potentially cause a big security loop-hole as anyone with a mischievous mind can take advantage of it! How you say? Simple! All you would need to do is change the path to that of another site on the server and open up their files. Once you have done so you can go crazy and edit their pages in any way you desire!
    But how do you know what their files are named you ask? By using your brain! Nearly every single web site is run off Apache software, and even more use an "index" file as your main file for each folder. So, when you are trying to hack into someone's site using NetPad and want the names of their files so you can play with their site, try starting with their index file. First try opening "index.html". If that doesn't work open "index.htm". Still no dice? Well try any of these until you get a match: index.cgi, index.pl, index.php, index.asp, index.jhtml, index.shtml, index.cfm... etc. The list can go on quite long but these tend to be the most popular choices!
    
    If you are serious in your efforts to wreak havoc on the net, then you should do two things. First, NetPad is a package of a larger collection of webmaster tools called NetMaster. Get the full package first! You will be ready for nearly anything! You will be able to perform various tasks such as setting file permissions in the browser, uploading files, renaming, moving and deleting files and so on! The second thing you should do is think about respect and property. Many people spend a long time creating their websites and to many of them it is the milestone of their life; don't go around screwing with anyone's site whom you do not even know. Not only is it wrong, but it is illegal in most countries! Not only are you really pissing off people and crushing their creative outlet but you are risking jail time. The information I have provided was merely a means of education and to exploit many server insecurities in an effort to hopefully fix them and keep things more secure. If you are concerned with the security of your server confront them! You never know; maybe they will try and fix up their weak spots and keep your site in better hands!
    
    In closing with using NetPad to hack I will state it is your own choice! Doing so can get you wound up in jail. I won't be crying for you! Your actions will bring on your own consequences so don't try and shift the blame on me! Think of it like this; would you want someone you don't know screwing your site up just because they found a new toy? I didn't think so... If you are going to risk getting kicked off your server and possibly go to jail ask yourself if it is worth it. "
    
    ALERT DETAILS:
    -=----------=-
    
    Path Disclosure and Command Execution vulnerabilities discovered by fellow researchers b0iler(b0ilerat_private) and BrainRawt(brainrawtat_private) are special features made by EVIL LEVCGI guy. Unfiltered input to open() function is special trapdoor for malicious guys to break webservers. Entire Netmaster suite is also for secret hacking of websites. BEWARE! DO NOT INSTALL THIS SOFTWARE! IT IS PURPOSELY INSECURE SO YOU CAN GET HAKKED!!
    
    Vendor website: http://www.levcgi.com/
    
    Check out the following sites if you do not think LEV is a spooky guy:
    
    http://www.taintedthoughts.com/
    http://www.lordofdeception.com/
    http://www.gothcities.com/
    
    He spooks me all the way to heck!!
    
    (that's all)
    
    
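The quoted readme's claim that a file "at the standard 644 can be written to" depends on which account the host runs CGI scripts as. The following is an added example, not part of the original post or of NetPad: it audits one site's document root for files that another tenant's CGI process could read or write. `access_for`, `audit_docroot` and the sample tree are constructed for illustration, and the check looks only at POSIX mode bits on regular files (directory permissions, ACLs and root are ignored).

```python
import os
import stat
import tempfile

def access_for(st, uid, gids):
    """Return (can_read, can_write) for a process with uid/gids, from mode bits only."""
    if st.st_uid == uid:
        r, w = stat.S_IRUSR, stat.S_IWUSR
    elif st.st_gid in gids:
        r, w = stat.S_IRGRP, stat.S_IWGRP
    else:
        r, w = stat.S_IROTH, stat.S_IWOTH
    return bool(st.st_mode & r), bool(st.st_mode & w)

def audit_docroot(docroot, cgi_uid, cgi_gids=()):
    """List (relative path, 'read' or 'write') exposures of docroot to cgi_uid."""
    findings = []
    gids = set(cgi_gids)
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            can_read, can_write = access_for(st, cgi_uid, gids)
            rel = os.path.relpath(path, docroot)
            if can_write:
                findings.append((rel, "write"))
            elif can_read:
                findings.append((rel, "read"))
    return sorted(findings)

def build_sample_site():
    """Constructed stand-in for /home/sites/site23/web/ with three typical files."""
    web = os.path.join(tempfile.mkdtemp(), "site23", "web")
    os.makedirs(web)
    for name, mode in (("index.html", 0o644), ("config.pl", 0o600),
                       ("guestbook.dat", 0o666)):
        path = os.path.join(web, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    return web

if __name__ == "__main__":
    web = build_sample_site()
    owner = os.lstat(os.path.join(web, "index.html")).st_uid
    print("CGI runs as a separate uid: ", audit_docroot(web, owner + 1))
    print("CGI runs as the file owner:", audit_docroot(web, owner))
```

When every tenant's scripts run under the uid that owns the files, the 644 and 600 files both show up as writable; with a distinct per-site uid only the 666 file does, and 644 files remain readable.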
    



    This archive was generated by hypermail 2b30 : Tue May 14 2002 - 12:30:44 PDT